Patch #4520
closed
Simplify URL Matching in Redmine
0%
Description
In our local Redmine Installation I use this patch to link to arbitrary protocols, e.g. on Ubuntu apt://rake installs rake upon clicking.
In order not to build every possible protocol into the regexp I simple replaced it with "some printable characters". This is obviously overly eager. For example foohttp://www.example.com/ does match with protocol "foohttp", whereas previously it would be recognized correctly.
Anyway, even if you won't include it I'll leave it here, in case someone could use it.
Thanks for this great project!
Files
Updated by Christian Sowada almost 15 years ago
Good Patch,
i've searched a protocol extension for Lotus Notes Links.
I hope that somthing like this patch goes into the release.
Thanks
Updated by Eric Davis almost 15 years ago
This patch would match the javascript: link which could be a security risk.
Updated by Holger Just 9 months ago
- Status changed from New to Closed
Auto-linking (i.e. when just writing a plain URL in the text field) is still restricted to the http/https or ftp/ftps protocols, both in Textile and the two Markdown implementations. While it is debatable if ftp links should be auto-linked nowadays, I don't think we should expand the list of protocols to avoid false-positives.
In any case, you can write explicit links with these protocols today, e.g. "Rake package":apt://rake will be rendered as Rake package when using Textile.
With your patch, the security implications mentioned by Eric still apply. As such, we should not add it to Redmine as is. I'd still like thank you for your contribution, even if rather belated :)